Mostly about System Center Operations Manager

Menu

I have no idea how often I have used PowerShell scripts to build or extend SCOM Management Packs. Almost daily it must have been. Occasionally I stumbled over PowerShell version issues because the SCOM agent had its own logic of choosing a PowerShell version. To circumvent these, I basically limited myself to write (and test!!!) my scripts on PowerShell 2.0 and .NET 2.0 environments.

The current behavior for agents is to choose a CLR version based on the operating system version. For Windows Server 2012 and newer, the .NET Framework 4.0 is loaded. For operating systems older than Windows Server 2012, the .NET Framework 2.0 family is loaded. On management servers, the .NET Framework 2.0 family is loaded. This essentially maps the .NET Framework version used to the version available out-of-box on the server. The problem with the current behavior is that even if the Management Pack author knows that .NET Framework 4.0 is present on the system, it cannot be used.

In the new behavior, the agent loads the .NET Framework 4.0 if it is available else it falls back to the .NET Framework 2.0.

What this do not easily reveal: Since .NET Framework 4.0 is now chosen, the SCOM agent and SCOM management server can use PowerShell 4.0 or 5.0. That is fantastic news. It means the SCOM agent (Microsoft Monitoring Agent respectively HealthService) is now making use of the most recent PowerShell version installed on an OS.

SCOM PowerShell module behaviour

When using the Windows Library’s PowerShell modules (e.g. Microsoft.Windows.PowerShellProbe), the following logic applies:

SCOM 2012 R2

Machine Type

<= 7.1.10218.0 (UR 6)

>= 7.1.10229.0 (UR 7)

Management Server / Gateway

PS 3.0 if installed; otherwise PS 2.0

PS 4.0 or 5.0 (if .NET 4.0 and PS >= 4.0 are installed)

PS 2.0 (if .NET 4.0 or PS >= 4.0 are not installed)

Agent

PS 2.0 / .NET 2.0

Note on legacy Windows versions: PowerShell 2.0 is the minimum requirement to use the agent’s PowerShell modules. And PowerShell is always installed or upgraded as part of the “Windows Management Framework”.

To verify that newer PowerShell versions are used after upgrading to SOM 2012 R2 UR 7, I wrote a simple MP with agent tasks. The following table shows the sample output of a Windows 2008 R2 system, having WMF 5.0 preview installed:

before UR7

with UR 7

Operating
System: Microsoft Windows Server 2008 R2 Enterprise

PowerShell
Host: OpsMgr PowerShell Host

Powershell Version: 2.0

Common
Language Runtime .NET: 2.0.50727.5485

Operating
System: Microsoft Windows Server 2008 R2 Enterprise

PowerShell
Host: OpsMgr PowerShell Host

Powershell Version: 5.0.10105.0

Common
Language Runtime .NET: 4.0.30319.34209

So at last I can start writing PowerShell workflows for SCOM in 4.0 or 5.0 manner – provided I can guarantee that every agent has UR7 or later installed!

Using PowerShell.exe as an alternative (System.CommandExecuterProbe)

When you look closely at the output of the table above, you can see that the PowerShell host is “OpsMgr PowerShell Host”. SCOM PowerShell modules are not running on Windows’ native PowerShell host (ConsoleHost). Instead a SCOM internal host is used, that is optimized for agent use. Occasionally this can lead to issues with very advanced PowerShell workflows.

If this happens, and only then (!) the following approach may be used. Instead of using the native SCOM PowerShell modules, the System.CommandExecuterProbe can call PowerShell.exe. However; you have to make sure, the execution policy for our workflow is set no stricter than “RemoteSigned”. Otherwise the script will not be run.

Examples for this are found in SharePoint MPs or were used back in SCOM 2007 days to run PowerShell scripts. Or have a look at my own sample MP linked at the end of this post.